Fake Android apps caught dropping Coinhive miner

In October last year, three Android apps on Play Store were found infected with Coinhive cryptocurrency miner to generate Monero digital coins. Now, an IT security researcher Elliot Alderson found fake Android apps that are infected with Coinhive cryptocurrency miner specially developed to use the CPU power of a targeted device.

Fake app real miner

According to Elliot, whose real name is Robert Baptiste, these apps are available on a third-party website that claims to provide free APKs (Android application package) to users but in reality, these APKs are infected with Coinhive miner from the beginning.

“I don’t think these apps are the original apps. The “hacker” modified it and repacked it and after that, he uses multiple dropper apps to distribute these modified apps. Only the package name and the app name has been changed and I just dig up more and in fact, this is the same app 291 times which means there are 291 applications with different icons and names, Baptiste told HackRead.

Upon scanning, some of the APK files available on the site, VirusTotal showed that these files were infected with the Coinhive miner. Remember, secret use of any cryptocurrency miner is considered as using malware against users. To prove the point, last year, CloudFlare booted off one of their customers for secretly using Coinhive miner and not letting site visitors to opt-out or disable the code.